As IoT devices with microcontroller (MCU)-based firmware become more common in our lives, memory corruption vulnerabilities in their firmware are increasingly targeted by adversaries. Fuzzing is a powerful method for detecting these vulnerabilities, but it…

Learn how to build effective harnesses for fuzzing native libraries on Android. Explore techniques and strategies to uncover vulnerabilities

asnfuzzgen - ASN.1 Structure-Aware Fuzzing Compiler - FICS/asnfuzzgen

Intro

BINSEC: ICSE'25: research paper

LibAFL # The LibAFL fuzzer implements features from AFL-based fuzzers like AFL++. Similarly to AFL++, LibAFL provides better fuzzing performance and more advanced features over libFuzzer. However, with LibAFL, all functionality is provided in a modular and…

Specialized testing tool designed to identify vulnerabilities and bugs in OPC UA (Open Platform Communications Unified Architecture) implementations - ANSSI-FR/fuzzysully

Snapshot fuzzing enables security engineers to effectively test software that is traditionally difficult to analyze, such as kernel-level software (though the technique is not limited to such software). Whether you’re auditing drivers or other kernel-mode…

OGHarn: Oracle-guided Fuzzing Harness Generation. Contribute to FuturesLab/OGHarn development by creating an account on GitHub.

Full noscript: Rethinking Emulation for Fu(zzi)n(g) and Profit: Near-Native Rehosting for Embedded ARM Firmware
Slides: https://github.com/binarly-io/Research_Publications/blob/main/REverse_2025/Near-Native%20Rehosting%20for%20Embedded%20ARM%20Firmware.pdf
…

Fuzz testing is incredibly useful: it has caught many a bug during the development of NTP packet parsing and gzip/bzip2 (de)compression.

But I've always been unsatisfied with the fuzzer being a b ...

Guest post by Dillon Franke, Senior Security Engineer ,  20% time on Project Zero Every second, highly-privileged MacOS system daemons...

Multiple out-of-bounds read and null dereference bugs were identified in Microsoft Defender by using Snapshot Fuzzing with WTF and kAFL/NYX. The bugs can be used to crash the main Defender process as soon as the file is scanned. Most are unpatched, but none…

OSS-Fuzz integrations via agent-based build generation.

We explain how we built a fuzzer for network applications that we tried to make as efficient and as effective as possible. We utilized custom mutators and input passing over shared memory and found that it gave us a huge speed and coverage boost compared…

🚀 We're excited to announce the release of FuzzForge Open Source (OSS)!

FuzzForge is our open-source platform designed to automate offensive security workflows & AI Agents, from static analysis to fuzzing, debugging, and root cause analysis, all with AI…